← Back to home
ICSA-18-226-02  ·  Published 2022-09-13  ·  View on CISA ICS-CERT ↗

Siemens OpenSSL Vulnerability in Industrial Products (Update E)

CVSS 5.9 MEDIUM

CVEs (1)

Remediations

  • Limit network access using appropriate mechanisms (e.g., firewalls)
  • Disable web server within the device configuration if it is not used or limit access to the web server on a particular Ethernet/PROFINET port/interface if possible (setting is under General / Web server access).
  • Update to V3.14 P021 or later version
  • Update to V3.15 P014 or later version
  • Update to V3.16 P002 or later version
  • Update to V2.0.12 / 3.0.12, installing latest Sinumerik Integrate Product suite.
  • Update to V4.1.8, installing latest Sinumerik Integrate Product suite.
  • Update to V2.6 or later version
  • Update to V03.01 or later version. Use the Mindsphere web frontend to update
  • Update to V15.1 or later version
  • Update to V2.1.1.0 or later version
  • Update to V5.0.3 or later version
  • Update to V13 SP2 Update 2 or later version
  • Update to V14 SP1 Update 6 or later version
  • Update to V14 SP1 Upd 6 or later version
  • Update to V15 Update 2 or later version
  • Update to V2.5.2 or later version
  • Update to V4.2.3 or later version
  • Update to V2.1.6 or later version

Affected Vendors

Siemens

Affected Products (20)

Siemens · MindConnect IoT2040 <V03.01
Siemens · MindConnect Nano (IPC227D) <V03.01
Siemens · SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) >=V2.0_<V2.1.6
Siemens · SIMATIC HMI WinCC Flexible <V15.1
Siemens · SIMATIC IPC DiagBase <V2.1.1.0
Siemens · SIMATIC IPC DiagMonitor <V5.0.3
Siemens · SIMATIC S7-1200 CPU family (incl. SIPLUS variants) <V4.2.3
Siemens · SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) <V2.5.2
Siemens · SIMATIC S7-1500 Software Controller >=V2.0_and_<V2.6
Siemens · SIMATIC STEP 7 (TIA Portal) V13 <V13_SP2_Update_2
Siemens · SIMATIC STEP 7 (TIA Portal) V14 <V14_SP1_Update_6
Siemens · SIMATIC STEP 7 (TIA Portal) V15 <V15_Update_2
Siemens · SIMATIC WinCC (TIA Portal) V13 <V13_SP2_Update_2
Siemens · SIMATIC WinCC (TIA Portal) V14 <V14_SP1_Upd_6
Siemens · SIMATIC WinCC (TIA Portal) V15 <V15_Update_2
Siemens · SIMATIC WinCC OA V3.14 <V3.14_P021
Siemens · SIMATIC WinCC OA V3.15 <V3.15_P014
Siemens · SIMATIC WinCC OA V3.16 <V3.16_P002
Siemens · SINUMERIK Integrate Access MyMachine service engineer client as part of Sinumerik Integrate Product suite <V4.1.8
Siemens · SINUMERIK Integrate Operate Client as part of Sinumerik Integrate Product suite <=2.0.11_/_3.0.11

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more